PalmTop offers legally binding E-signatures
mulan writes "Following the approval of S.761 (Millennium Digital Commerce Act), PalmTop has released software which will do just that. Using a Palm app and a Windows-based conduit, digital documents may be legally signed via the Palm device. Principal markets include online vendors. This could also help reduce fraudulent credit card transactions on the Internet. " It's not just PalmPilots either - custom solutions are/will be supported, including IBM's WorkPad. However, until Oct. 31, you can get free copies for the Palm (OS3 or better).
With all the devices out there not requiring any signature (gas pumps), not requiring validation of ID or signature (grocery store) or any proof that you are who you say you are - what's the use or the value of a written signature anyway these days?
According to the local police, a ring of credit card thieves moved into this area recently. They would get the card numbers (trash, receipts, etc.) and make mail-orders for goods that they could later sell (sports shoes, car parts). They would ship UPS to the card user's home address, then call up UPS and ask if they could pick up the order at the UPS station instead. They would go in and "sign" for the goods and be well on their way before anyone was the wiser.
In no case was there any validation of signature in this process. And who was going to be expert enough to "validate" it if there were? In these days of credit and debit cards, a written signature is an anachronism.
Now, an electronic binary signature (public key anyone?) would be interesting.
Just rambling,
-bill rankin
Why do you assume that the signature is stored or used as a bitmap? That would not only be more expensive in terms of storage, it would remove the ordering and speed information from the strokes.
A shape forgery is reasonably easy. A shape, style, and speed forgery, OTOH, is unprecedented.
At the same time, I can see an opportunity for me to forge my own signature -- I could record my signature and hack it into the Palm, and make the PalmOS imitate that exact pen movement whenever I enter a graffiti stroke. Then I can deny that I signed a given document, and show reasonable doubt by demonstrating that someone could have used the pen echo.
I don't see much chance for someone aside from me being able to steal my authentication, though. Even with that signature imitator, they'd still have to get my Palm away from me (here, Billy! Here's a free Palm Vx!) and get me to tell them my passcode.
-Billy
Figuring out the entropy of the signature is harder than that, though. Let's suppose your grid is 120x120 (that's the PalmPilot, so it's realistic). Let's say my signature is a straight line covering half the display -- 60 pixels with about one bit per pixel (because my hand will wander up and down about one pixel for every one I traverse).
Sixty bits is actually getting halfway reasonable, but there's more -- my speed in making the signature is also characteristic. You're ignoring that in your (lack of) analysis. I'm not going to attach numbers to that for now; the speed there can vary immensely, though, so it's a substantial factor.
This pseudo-analysis ignores the fact that most people don't sign with an almost straight line at constant drawing speed, but rather sign something which once looked like their name. Thus, 60 bits is a strict lower bound. Considering that this digital signature method also depends on a pregenerated key (passphrase protected), this signature seems to me to be quite solid (in theory; of course, we know that the code isn't public).
Now, you point out that Joe User is revealing parts of his private key with every signature. This is true, but with the addition of the preencoded key brute-forcing the signature becomes very unattractive.
Signed, BilOey JnxlY
(William Tanksley)
Figuring out the entropy of the signature is harder than that, though. Let's suppose your grid is 120x120 (that's the PalmPilot, so it's realistic). Let's say my signature is a straight line covering half the display -- 60 pixels with about one bit per pixel (because my hand will wander up and down about one pixel for every one I traverse).
Sixty bits is actually getting halfway reasonable, but there's more -- my speed in making the signature is also characteristic. You're ignoring that in your (lack of) analysis. I'm not going to attach numbers to that for now; the speed there can vary immensely, though, so it's a substantial factor.
This pseudo-analysis ignores the fact that most people don't sign with an almost straight line at constant drawing speed, but rather sign something which once looked like their name. Thus, 60 bits is a strict lower bound.
And do you know what the worst part is? The signature isn't part of the key -- it's transmitted fully publicly. The signature is simply a visual (and technically analysable) proof that the person who originally registered the appropriate password actually approved of the document. This is something that normal authentication systems don't have -- a means of checking what person is associated with the secret key.
In order to compromise this system, an external attack would have to discover the passphrase AND forge the signature well enough to both look recognisable and analyse as belonging to the victim.
Now, I can see a cool internal attack: capture your own signature, macro it, and use the same signature to sign two letters, one of which is trivial and in your control, the other of which you use to get something, then when payment is requested you dispute it on the basis that the signature is an obvious electronic copy of the one on this other letter.
In other words, forgery remains the same basic problem, but it seems a little easier to fight now, since the signature can be completely analysed (including speed info) and there's a passphrase/secret key involved.
Signed, BilOey JnxlY
(William Tanksley)
Actually, a "digital signature" is a lot more secure than a physical one these days. Although it's hard to forge a written signature by hand, it's trivial to scan or photocopy it, and only moderately difficult to digitize it into X-Y plotter coordinates (to draw it with a real pen).
Digital signatures are much better since they start by taking a digital checksum (e.g. md5sum) of the document being signed, and then sign this information with an RSA-style private key. Therefore, each document gets a different digital signature, and copy-pasting the signature block onto a different document will produce an invalid signature.
Another bonus is that if your private key (perhaps stored in a Dallas Semiconductor crypto iButton) is stolen, you can just revoke your public key so that no further signatures from that key are trusted.
The problems with current digital verification systems are that they rely on the user to provide the security. Passwords, PGP Keys, Signatures, PIN numbers can all be written down, copied, monitored or grabbed.
The only way I can see that documents/transactions can be certified as being accurate is if the verification takes place in front of you. This is why documents, such as passport applications, require witnesses from professionals.
Don't get me wrong, I am not looking for a situation where retina scans coupled with finger print technology are incorporated into everything under the sun, I just feel that more steps could be taken to ensure the authenticity of digital "signatures".
Perhaps implementing a central register of "signature" verifiers - such as banks - is the way forward. A user would then digitally sign a web order with their Visa number on it and then the issuing bank - or maybe even the Visa people - would authorise against the signature. Okay, the administration of such a system would be a nightmare but not impossible!
With the current system announced by 3Com, the lack of platforms supported will be its downfall. But hey, we knew that much anyway......
The URL to the site should be http://www.penop.com
But from several earlier discussions, so please don't moderate it as such...
No matter how much progress we make on the digital signature front, we still need to ask if we can trust who is in charge of managing the keys.
It's trivial to swap the keys on the server, and in doing that you've blown the whole signature idea. You can send an email to me, but Bob's made sure I have his public key with your name attached to it, so then he can send a completely different signed email and I'd never know the difference without a phone call...
Or how about I go through whatever paperwork is involved and get a keypair from the issuing authority, but give them all of your information instead. I now have a means of generating untraceable signatures.
At least with current signatures, there's handwriting analysis available, which can generally tell if the signer of the document is truly the signer... It doesn't stop copying and pasting, but until I encounter my own forged signature, I feel much more comfortable with real sigs rather than digital ones.
Lastly, RSA is completely theoretical security. Its security rests in the difficulty of factoring large prime numbers. If next year a researcher at IBM discovers the way to factor them and announces it to the world, okay, all of our digitally signed documents are invalid, but that's not so bad...
What if the NSA/CIA/FBI/IRS, or anyone else figures that out, but neglects to tell anyone else? That's my main gripe.
Well, I downloaded the software--or tried to, at least. I got about 900K into the 1.2-meg download before I accidentally caused the download to abort, and couldn't get back in to download it again. Oh well, I'll try again this evening.
I'm not sure how useful this is going to be; I dual-boot and am in Linux most of the time (since I found sync utilities for my Palm), and even when I'm in Windows, I don't have Word on it--I don't have the hard drive space! On the other hand, I can get a legitimately-registered copy of Office 2000 from my school, if I just had the space on which to put it...guess I'm going to have to see about getting one of those 12-gig hard drives to move all my games onto...
Well, I'll just have to see how useful this turns out to be. At least it's free (until October 31).
If the PenOp people are smart, they'll soon come out with plugins and packages for other popular wordproc applications, including the Linux ones. I've written their tech support address to ask about that possibility, and would suggest that anyone else with an interest in this new technology do the same. Maybe if they perceive demand, they'll do it sooner.
Editor Emeritus and Senior Writer, TeleRead.org
The email address is support@penop.com.
Editor Emeritus and Senior Writer, TeleRead.org
(I guess it's too late in the day for this message to have much chance of getting moderated up to where many people will read it. Oh well.)
As someone who works a register at K-Mart (just got back from a four-hour shift today, in fact), I've had a bit of time and cause to ruminate on this subject.
My K-Mart accepts credit cards (of course) and debit cards. As a matter of policy, register operators are supposed to verify signatures on receipts against signatures on back of cards (and ask for ID if the card is unsigned). It's kind of an annoying hassle for both operator and customer ("Why do you have to compare my signature? Doesn't the picture on the license look enough like me?"), which is why a lot of checkout operators don't do it (especially with the new PINpads we've got that let customers run their own cards through). But I do, and occasionally get complimented on my perspicacity by the customers.
The thing is, a lot of the time the signatures don't look a darned thing alike, and what am I supposed to do? Some people just don't sign the same from signature to signature; am I supposed to deny them their purchase based on their inability to duplicate a scrawl?
I, as a cashier, would feel a lot better with some sort of digsig pad (kind of like the folks at Best Buy and Circuit City have, I suppose) with an LCD display signature device--something that would take the customer's signature and flash a little thingie on the screen saying "Verifying..." on it and then verify it against the credit card company or bank's database. After all, we do this already with debit cards or the MICR reader on checks. It would be less work and less responsibility for us (and less likelihood that the #%$@^!! register printer would choose to eat the credit card slip instead of printing it out). And I think the customers would feel better, too, knowing that their signature was being checked on, and not just eyeballed by fallible cashiers with pressure on them to get to the next person in line.
(And maybe that way it would also eliminate those credit card slips we have to have signed for the bank to authorize the transactions. Card number, expiration date, and signature, all in the same place...talk about a security risk!)
Editor Emeritus and Senior Writer, TeleRead.org
Ten years down the road...
"Omigod! You're Mel Gibson! Can I...can I get your autograph?"
"Why, sure."
(fumbling with Palms)
beep!
"Wow, thanks! I'll...never erase this!"
Editor Emeritus and Senior Writer, TeleRead.org
On the same token, I highly doubt that this company would try and sell a system that is advertised as secure without putting in a lot of thought into the system as a whole, and ensuring protection against fraud.
Not a good assumption. Go read Applied Cryptography. There are a lot of companies that have gone and put out systems that were advertised as secure that in reality were almost trivially breakable. I want to know all the details about their system before deciding whether it's secure or not. If the details aren't disclosed, it's not secure.
I still think problems.
The first problem is the classic one: key management. Tons has been written about it, but it usually boils down to either (1) central "approved" authority (== govt), or (2) a web of trust (a la PGP). Both approaches have serious problems, IMHO, and key management continues to be a big mess.
The second problem is also the classic one: poor passphrases. Again, well-known, and again, hard to do something about.
Plus the third problem, which just popped into my mind: Let's say Alice gives me a digitally signed note saying "Dear bank, please give to the bearer $10". Fine. I go to the bank and get $10. Rinse, repeat as desired. In other words, what to do about multiple copies of a signed document?
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
You can't just copy a digital signature from another document because it is inextricably linked to every bit in the signed document. The process for document D is as follows:
1. Take a cryptographic Hash of D to get H(D) (It is very hard to make another D with the same H(D))
2. Prompt user for passphrase P. Take a hash of passphrase H(P) and use it to decrypt the encrypted private key E(H(P), private). So, D(H(P), E(H(P), private) ) == private
Encrypt H(D) with the signer's private key and include it as the signature. E(private, H(D)) == signature
3. Now anyone who knows the public key of the user can verify the signature by decrypting the signature using the user's public key and hashing the document itself and then comparing. E(public, signature) == H(D) =?= H(D)
If it matches, the signature is valid, if one bit is changed in D, then it is incredibly unlikely that the H(D)'s will match.
I do agree that a poor implementation and poor passphrases from the user do make this scheme a bit troublesome. Assuming good passphrases are used, you would need to borrow the pilot and subvert it in someway. Or... look for emissions from the pilot and try to steal the passphrase or private key that way. Either are more likely to work than breaking the signature scheme.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -----Benjamin Franklin
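The hash-then-sign procedure in the three steps above, and the earlier post's point that copy-pasting a signature block onto a different document produces an invalid signature, as an added worked example in Python that is not code from any post or from PenOp. It uses textbook RSA with two small constructed primes and no padding, and wraps the private exponent with a plain XOR keystream derived from the passphrase, so it is a teaching model of the described scheme, not a production signer; the passphrase and documents are constructed.

```python
import hashlib

# Constructed toy key: two known primes so the modulus (about 2^60) fits a demo.
# A real deployment uses a 2048-bit-plus key, PKCS#1/PSS padding and a proper KDF.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537                      # public exponent
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def H(document: bytes) -> int:
    """Step 1: cryptographic hash of D, reduced to an integer below N."""
    digest = hashlib.sha256(document).digest()
    return int.from_bytes(digest[:8], "big") % N


def _keystream(passphrase: str) -> bytes:
    # H(P): the passphrase hash that protects the stored private key.
    return hashlib.sha256(passphrase.encode()).digest()[:8]


def protect_private_key(priv: int, passphrase: str) -> bytes:
    """E(H(P), private): what the device keeps on disk."""
    return bytes(a ^ b for a, b in zip(priv.to_bytes(8, "big"), _keystream(passphrase)))


def unlock_private_key(blob: bytes, passphrase: str) -> int:
    """D(H(P), E(H(P), private)) == private; a wrong passphrase yields a wrong exponent."""
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob, _keystream(passphrase))), "big")


def sign(document: bytes, blob: bytes, passphrase: str) -> int:
    """Step 2: E(private, H(D)) == signature."""
    return pow(H(document), unlock_private_key(blob, passphrase), N)


def verify(document: bytes, signature: int, public=(E, N)) -> bool:
    """Step 3: E(public, signature) =?= H(D)."""
    e, n = public
    return pow(signature, e, n) == H(document)


def demo() -> dict:
    """Exercise the cases the thread argues about; returns one bool per case."""
    blob = protect_private_key(D_PRIV, "correct horse")          # constructed passphrase
    note = b"Dear bank, please give to the bearer $10"            # constructed document
    sig = sign(note, blob, "correct horse")
    return {
        "valid": verify(note, sig),
        "identical_copy_still_valid": verify(bytes(note), sig),   # Kaa's replay problem
        "one_bit_changed": verify(b"Dear bank, please give to the bearer $10.", sig),
        "pasted_onto_other_doc": verify(b"Sell this property for $1.00", sig),
        "wrong_passphrase": verify(note, sign(note, blob, "wrong horse")),
    }
```

The identical-copy case is the one the signature itself cannot stop: it binds to the bytes of the document, so the document has to carry its own serial number or date if each copy is to be distinguishable.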
It's not just PalmPilots either - custom solutions are/will be supported, including IBM's WorkPad.
Just for reference, the IBM WorkPads are just rebranded Palms (III's, V's) 'cept the WorkPad z50 which is a CE mini-laptop.
Pardon? What an inane restriction; limiting this software to webservers only running Win32 operating systems is going to severely limit its use. A vast majority of the webservers out there are running Apache or other U-ix-based servers. Does anyone running a website on Windows 98 really have a need for digitally authenticated documents?
Though it's a step in the right direction, I don't think that this is the program that's going to make digital authentication of documents a reality. The best solution for digital signatures has been and continues to be public-key encryption (PGP, et. al.).
I didn't mean they were necessarily stored as bitmaps, but I was questioning the resulting keyspace.
Say your grid is 50x50. Each pixel is either black or white. That means 2^2500 possibilities. It seems impressive, until you consider the number of constraints on it; for instance, you'll never have a completely black grid. Most of the time, the black dots will be connected into a line. If the pen point is fat, you'll always have a black point next to another. If you know the person's name, it's another indication of what the signature will be like.
So, in effect, it's a rather big keyspace, but with so many restrictions (not to mention you can know what the keyspace is like, just by finding the person's signature, which is not secret!) that in the end it's worthless next to traditional digital certificate keyspace.
It's like showing your private key in public, but you hide out bits of it. Any security administrator will tell you it's not just stupid, it's an invitation to a crack.
So, in short, with this thing, they're going to great lengths to provide a security system which is, well, total crap compared to any moderately-strengthed cryptosystem.
But it sounds cool, so I bet the layman will say, 'Oh! THAT's what they meant by digital signature!' and swallow it up. It's not impressing this cryptogeek, however.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Why is a scribble considered legally binding? A handwritten signature is much easier to counterfeit than a strong digital signature using PKi.
It seems to me like this is bending backwards to get some sort of digital signature of documents. Why is it that they have to use a Palm front-end to collect a signature? What's to prevent from capturing the signature as a JPG and then putting it elsewhere? What I mean is, some sort of pixelised display is not a valid way to sign a digital document.
Why not use a simple PKi architecture for signatures? The keyspace is certainly larger than a low-res collection of pixels. You don't have to do signature recognition.
It's a sad fact that the industry is taking forever to understand digital signature and identification. It's the same thing for e-commerce, for instance... Yes, you can get cracked. But you can also get tapped when saying it aloud on a phone line. Yet the first case flares up the imagination, whereas the latter is just seen as a pretty unimaginative technical feat.
What I want is a central digital authentication authority, be it run by the Government or what have you. Then we can dispense with the petty scribbles.
I want my... I want my PKi...
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
I foresee a lot of difficulties with using the Palm signature. If someone gets their hands on one person's digital signature on disk (or ram card or whatever else), they can use their authentic signature all over the place.
"Yes, I _am_ sure I want to sell this property to this person for $1.00."
OFTC: By the community, for the community
This is the most recent info on the status of current legislation regarding e-signatures that I could find during my lunch hour: http://www.techlawjournal.com/internet/19991014.htm
/. public. Get this on people's radar screens!!! Else don't complain when the federal government passes some kind of fatally misinformed legislation.
The "Following the approval of S.761 (Millennium Digital Commerce Act)" bit is a little misguiding, I believe. As far as I can tell (disclaimer - I'm a legal ignoramus) the laws governing the use of digital signatures remain unchanged.
If you ask me, this is EXTREMELY important legislation. What defines an acceptable digital signature? Who (current debate seems to concern state/national authority) defines acceptable use of digital signatures? Etc.
I think this subject deserves immediate and intense attention by people wise to the issues. E.G. the
--Lawrence Lessig for Congress!
"Did any of your bother to READ the site?"
= -=-=-=-=-=-=-=-
"1) You physical Palm device"
[cries]
I proof-read that submission twice! Can't someone invent a program that can keep me from looking like such an idiot on a regular basis?
Serious (however off-topic)...has anyone ever ranked the number one typo on the Internet? I would be shocked if it isn't you/your...
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
NOTE TO SLASHDOT: Update the news article to include the proper URL...it's PenOp not PalmTop.
= -=-=-=-=-=-=-
If you read the Product information, you can plainly see PenOp software can verify the identity of the signer using biometrics (such as signature dynamics and fingerprints), digital ids (such as Entrust certificates), and infometrics (such as passwords). I also noticed when I went to download a copy that it appears to be keyed to your Palm's serial number. You get a PIN to unlock the software that will probably be matched to this serial number...
So to those people whining about fraud...this is not about sending a bitmap image of your signature around. That tech has existed on the Palm for years (TealPaint is a good one) and is not newsbreaking in any way.
This is secure because, in order to pretend to be you, someone would need:
1) You physical Palm device
2) The ability to sign a document in the same biometrical (if that's a word) manner...not just looking at it and copying it visually
3) A pin number to verify their identity
4) A copy of the conduit on your home PC, which probably has the other part of a digital key.
I'm no expert but the "something you have + something you know" approach is a very good one. You need a physical device and detailed information about how a person signs and/or what their PIN is.
Please, people, avoid making uninformed comments on your interpretation of how you think a system might in fact sorta kinda maybe work. =)
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
On the same token, I highly doubt that this company would try and sell a system that is advertised as secure without putting in a lot of thought into the system as a whole, and ensuring protection against fraud. And if the system is insecure, I'm pretty sure that the Slashdot-er's will be the first to find that out and make it known to the world, thus preventing the so called wide spread fraud.
Once again the world is saved by Slashdot.
The concept is wonderful. I'm so sick of having to do half of my business on the web only to have to wait for an application or something else to hit snail mail before I can continue. I had to do this with my online bank, with E-Trade, with credit cards and with my credit report. Mostly financial information needs a true signature to complete. While this is a great step in the right direction.. almost.. there is a problem. We not only have someone storing a signature on file to use elsewhere but the criminal aspect is immense. So you require realtime signatures? Fine, I could code a program to take your signature and not only "re-write" it real-time, but vary it slightly from each signature so that it appears not to be a carbon copy. It's going to be almost impossible to do this realistically. I would almost prefer, for my own safety, that this not be legally binding. Signatures would have to be "disputable" like credit card transactions are now.
SL33ZE, MCSD
em: joedipshit@hotmail.com
SL33ZE - Artificial Intelligence is No Match For Natural Stupidity -